You are grossly misinformed or you just don't understand what's at stake here, or both. Just as taxation presumes a prior state ownership claim on individuals' productive output without genuine consent, GDPR also treats personal data generated through EU-connected activities as under supranational stewardship, compelling controllers and processors to serve as data custodians enforcing EU-defined rights, deletions, and portability, often at odds with the data subjects' or businesses' own judgments. In short, there are already existing privacy laws that should have been amended to deal with protecting privacy of individuals without ascribing jurisdictional authority to the state overr data. The law of contracts also exists for a reason.

Furthermore, this authoritarian control erodes natural rights to privacy as an extension of personal autonomy while substituting state-managed "protection" for true property-based solutions like voluntary contracts and reputation mechanisms, ultimately subordinating human agency and flourishing to bureaucrats like Von Der Leyen and her ilk. Not to mention the increased overhead this creates for start-up companies that want to deal with EU citizens or be established in the EU. I won't even bother going the road of the technical friction this law causes insofar trying to distinguish bytes in the EU with those from the rest of the world. Nonsensical at the very least